[Git][security-tracker-team/security-tracker][master] Update status of ansible in dla-needed.txt

Markus Koschany apo at debian.org
Mon Jan 11 00:09:05 GMT 2021 


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0003c375 by Markus Koschany at 2021-01-11T01:08:07+01:00
Update status of ansible in dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -14,16 +14,8 @@ rather than remove/replace existing ones.
 
 --
 ansible (Markus Koschany)
-  NOTE: 20200506: CVE-2020-1736: The version in jessie does not use the
-  NOTE: 20200506: `_DEFAULT_PERM` global variable but hardcodes 0666
-  NOTE: 20200506: in the atomic_move code in basic.py, so is likely vulnerable.
-  NOTE: 20200506: (lamby)
-  NOTE: 20200508: bam: Problem exists with new files only. Existing files
-  NOTE: 20200508: bam: code resets permissions to same value, should be fine.
-  NOTE: 20200508: bam: Upstream fix was to use 660 - https://github.com/ansible/ansible/pull/68970
-  NOTE: 20200508: bam: Upstream fix was reverted - https://github.com/ansible/ansible/pull/68983
-  NOTE: 20200508: bam: See https://github.com/ansible/ansible/issues/67794
-  NOTE: 20201228: apo: Partial update will be released this week now.
+  NOTE: 20210111: apo: Testing this version required more time than initally
+  NOTE: 20210111: expected. The plan is to release the working parts soon.
 --
 ceph (Emilio)
   NOTE: 20200707: Vulnerable to at least CVE-2018-14662. (lamby)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0003c37596489f2959a971971b3d2bd972da1e25

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0003c37596489f2959a971971b3d2bd972da1e25
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210111/877d299c/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list